Sept. 25 -- The drafting of a voluntary U.S. cybersecurity
framework for the private sector is "essentially complete,"
National Institute of Standards and Technology Director Patrick
Gallagher said Sept. 25.
"We are at the end, but we're only at the end of the beginning,"
Gallagher said at a cybersecurity summit in Washington. "Now we are
really focused on taking what has been a remarkable effort and
translating and driving it into practice. And for me, the litmus
test of success is going to be the extent to which this framework
becomes integrated with the way we operate."
The summit was sponsored by Billington Cybersecurity, a division
of the Cyber Education Institute LLC, based in Chevy Chase, Md.
Under an executive order signed by President Barack Obama
earlier this year, NIST must release a draft framework for public
comment next month and publish a final version by February 2014 .
NIST released a
preliminary draft framework for discussion at a Dallas
workshop in September .
Gallagher indicated that he expected the agency to meet its
October deadline. "The NIST team has completed their work
reflecting the last input from the Dallas workshop, and it will
shortly go into a clearance process in time for a release that's
called for in the executive order," he said.
Although the voluntary framework is primarily designed for
owners and operators of U.S. "critical infrastructure" and their
partners, it is expected to benefit a broader array of
organizations across the private sector that are facing
cybersecurity challenges, according to NIST, a division of the
Department of Commerce.
The White House Aug. 6 unveiled preliminary recommendations from
the Departments of Commerce, Homeland Security, and Treasury on
incentives that can be used to encourage industry adoption of the
The DHS is expected to coordinate the development of a program
with incentives to promote the framework, once it has been
finalized. In addition, regulatory agencies must review existing
cybersecurity mandates to determine whether they are adequate in
light of the framework.
By Alexei Alexis
To contact the reporter on this story: Alexei Alexis in
Washington at aalexis
To contact the editor responsible for this story: Heather
Rothman at firstname.lastname@example.org
To view additional stories from Privacy & Security Law Report® register for a free trial now